Threat actors linked to China have deployed a novel backdoor, according to researchers. This article has been indexed from Cybersecurity Dive – Latest News. Read the original article: Hackers exploit zero-day flaw in Dell RecoverPoint for Virtual Machines
Tracking Malware Campaigns With Reused Material, (Wed, Feb 18th)
A few days ago I wrote a diary called “Malicious Script Delivering More Maliciousness” [1]. In the malware infection chain, there was a JPEG picture that embedded the last payload, delimited with “BaseStart-” and “-BaseEnd” tags.
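Fixed delimiters like these are exactly the kind of reused material that makes a campaign trackable: the same markers can be carved out of any sample and turned into a detection string. The following carver is an added example, not code from the diary or from the malware's author. It scans a constructed JPEG-like byte string for every `BaseStart-` … `-BaseEnd` span, optionally base64-decodes the content (an assumption based on the marker name; the diary excerpt above does not state the encoding), and hashes the result so the extracted stage can be tracked across samples. The sample bytes and the hidden payload text are constructed for this example.

```python
"""Carve payloads hidden between fixed markers in an image file.

Added example: scans a blob for every "BaseStart-" ... "-BaseEnd" span,
tries to base64-decode it (assumption: the marker name suggests base64),
and reports length, decoded bytes and a SHA-256 for campaign tracking.
"""
import base64
import binascii
import hashlib
import re

START = b"BaseStart-"
END = b"-BaseEnd"

# Constructed sample: SOI + APP0 "JFIF" header, some filler, one base64
# blob between the markers, then an EOI marker. The payload is made up.
_HIDDEN = base64.b64encode(b"example-second-stage-payload")
SAMPLE_JPEG = (
    b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01" + b"\x00" * 32
    + START + _HIDDEN + END
    + b"\xff\xd9"
)


def extract_between(blob: bytes, start: bytes = START, end: bytes = END) -> list[bytes]:
    """Return every byte string found between start and end markers.

    Non-greedy so that several embedded blobs come back as separate items;
    DOTALL so newline bytes inside the blob do not stop the match.
    """
    pattern = re.escape(start) + b"(.*?)" + re.escape(end)
    return re.findall(pattern, blob, flags=re.DOTALL)


def try_base64(chunk: bytes):
    """Decode strictly as base64; return None if the chunk is not valid base64."""
    try:
        return base64.b64decode(chunk, validate=True)
    except (binascii.Error, ValueError):
        return None


def carve(blob: bytes) -> list[dict]:
    """Carve all marked spans from a blob and describe each one.

    Each result carries the raw span length, the decoded bytes (or None when
    the span is not base64) and a SHA-256 over whichever form is available,
    which is the value worth pivoting on across samples.
    """
    results = []
    for raw in extract_between(blob):
        decoded = try_base64(raw)
        material = decoded if decoded is not None else raw
        results.append({
            "raw_len": len(raw),
            "decoded": decoded,
            "sha256": hashlib.sha256(material).hexdigest(),
        })
    return results


if __name__ == "__main__":
    for hit in carve(SAMPLE_JPEG):
        print(hit["raw_len"], hit["sha256"], hit["decoded"])
```

Run it against a real sample with `carve(open(path, "rb").read())`; the two marker strings are also a ready-made pair of strings for a YARA rule, which is the cheaper way to sweep a corpus for the same campaign once the delimiters are known.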
Palo Alto Networks to Acquire Koi in Reported $400 Million Transaction
Koi has developed an endpoint security solution that Palo Alto will use to enhance its products.
Hackers Use Fake CAPTCHA To Infect Windows PCs
Hackers are using fake CAPTCHA verification pages to trick Windows users into running malicious PowerShell commands that install information-stealing software.
Hacking protestors, UK “locks the door,” Kenyan politician phone cracked
Hackers target anti-government protestors; UK launches “lock the door” cybersecurity campaign; Cellebrite linked to phone hack on Kenyan politician. Full show notes: https://cisoseries.com/cybersecurity-news-hacking-protestors-uk-locks-the-door-kenyan-politician-phone-cracked/
MetaMask Users Targeted by Phishing Emails with Fake Security Report to Bypass Detection
A new phishing campaign is targeting MetaMask users with cleverly crafted emails designed to trick recipients into enabling a fake Two-Factor Authentication (2FA) setup. The lure includes a forged “security report” PDF meant to mimic a legitimate notification about unusual…
Claude Sonnet 4.6 launches with improved coding and expanded developer tools
Anthropic released Claude Sonnet 4.6, marking its second major AI launch in less than two weeks. (Figure caption: Scores prior to Claude Sonnet 4.5. Source: Anthropic.) According to Anthropic, Sonnet 4.6 delivers improved coding skills to more users. Tasks that once required…
Microsoft Defender update lets SOC teams manage, vet response tools
Microsoft introduced library management in Microsoft Defender to help security analysts who use live response manage the scripts and tools they rely on to triage, investigate and remediate threats. The library management interface allows analysts to organize their investigation tools and manage…
IT Security News Hourly Summary 2026-02-18 09h : 7 posts
7 posts were published in the last hour. 7:36: New Malware Campaign ‘CRESCENTHARVEST’ Exploits Iran Protest Sentiment to Deploy Information-Stealing RAT; 7:36: Critical Windows Admin Center Vulnerability Allows Privilege Escalation; 7:36: Dell RecoverPoint Zero-Day Exploited by Chinese…
New Malware Campaign ‘CRESCENTHARVEST’ Exploits Iran Protest Sentiment to Deploy Information-Stealing RAT
A new malware campaign named ‘CRESCENTHARVEST’ has surfaced, exploiting the geopolitical unrest in Iran to target dissidents and protest supporters. The cyberespionage operation uses social engineering to deploy a dual-purpose tool, functioning as both a remote access…
Critical Windows Admin Center Vulnerability Allows Privilege Escalation
Microsoft has released a security update addressing a high-severity elevation of privilege vulnerability in Windows Admin Center (WAC), tracked as CVE-2026-26119. The flaw, rated CVSS 8.8 (which falls in the High band of the CVSS 3.x scale rather than Critical), stems from improper authentication (CWE-287) and could allow an authorized attacker to gain elevated privileges over a network. According to Microsoft, this…
Dell RecoverPoint Zero-Day Exploited by Chinese Cyberespionage Group
Google Threat Intelligence Group (GTIG) and Mandiant said the zero-day, tracked as CVE-2026-22769, has been exploited by UNC6201 since at least 2024.
AWS coding agents gain new plugin support across development tools
AI coding assistants have become a routine part of many development workflows, helping engineers write, test, and deploy code from IDEs or command line interfaces. One recent change in this ecosystem makes it possible for those agents to interact with…
CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows – CVE-2026-2441 (CVSS score:…
Foxveil Malware Loader Uses Cloudflare, Netlify, and Discord to Bypass Detection
A new malware loader, dubbed Foxveil, abuses trusted platforms such as Cloudflare Pages, Netlify, and Discord to stage and deliver malicious payloads while evading traditional detection methods. Active since at least August 2025, the loader is used as an…
CISA Warns of Actively Exploited Google Chromium 0‑Day Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting Google Chromium to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2026-2441, the flaw is being actively exploited in the wild. The…
New Phishing Campaign Exploits Booking.com Partners, Targets Customers in Multi-Stage Fraud Scheme
New phishing activity is again abusing the Booking.com ecosystem to defraud both hotel partners and their guests, using a coordinated multi-stage campaign that blends infrastructure abuse with social engineering over email and WhatsApp. The primary objective is financial gain, using tailored…
Critical Flaw in Windows Admin Center Exposes Systems to Privilege Escalation Attacks
Microsoft has officially released a security update addressing a severe vulnerability in Windows Admin Center. Tracked as CVE-2026-26119, this critical flaw presents a significant risk to enterprise environments that rely on the platform for server management. The…
Master XDR Investigations: A Deep Dive into the GravityZone XDR Demo Incident
An attacker’s initial access, whether through phishing, unmanaged devices, exploited vulnerabilities, or a compromised supply chain, marks the beginning of a dangerous chain of events.
The defense industrial base is a prime target for cyber disruption
Cyber threats against the defense industrial base (DIB) are intensifying, with adversaries shifting from traditional espionage toward operations designed to disrupt production capacity and compromise supply chains. In this Help Net Security interview, Luke McNamara, Deputy Chief Analyst, Google Threat…
CRESCENTHARVEST Malware Campaign Uses Iran Protest Lures to Deploy Info‑Stealing RAT
A new malware campaign, dubbed CRESCENTHARVEST, abuses the ongoing Iran protest narrative to deliver an information-stealing remote access trojan (RAT) to Farsi-speaking users. The operation appears tailored to supporters of the protests and other Iran-focused audiences, with a clear…
OpenClaw AI ‘Log Poisoning’ Flaw Enables Malicious Content Injection
A severe “log poisoning” vulnerability has been discovered in the popular OpenClaw AI assistant, potentially allowing attackers to manipulate the agent’s behaviour through indirect prompt injection. OpenClaw, an open-source autonomous agent known for its deep system integrations and ability to…
Eurail User Records Up for Sale on the Dark Web
Eurail BV has confirmed that some customer data impacted by the previously reported security incident has been offered for sale on the dark web and a sample data set has been posted on Telegram. The company said it is continuing to investigate the scope…
Everyone uses open source, but patching still moves too slowly
Enterprise security teams rely on open source across infrastructure, development pipelines, and production applications, even when they do not track it as a separate category of technology. Open source has become a default building block in many environments, and the…